Bump the npm_and_yarn group across 1 directory with 22 updates#5
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Bump the npm_and_yarn group across 1 directory with 22 updates#5dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the npm_and_yarn group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [body-parser](https://github.com/expressjs/body-parser) | `1.18.3` | `1.20.4` | | [express](https://github.com/expressjs/express) | `4.16.4` | `4.22.1` | | [marked](https://github.com/markedjs/marked) | `0.3.5` | `4.0.10` | | [underscore](https://github.com/jashkenas/underscore) | `1.9.1` | `1.13.8` | | [async](https://github.com/caolan/async) | `2.6.1` | `2.6.4` | | [grunt](https://github.com/gruntjs/grunt) | `1.0.3` | `1.6.2` | | [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` | | [bson](https://github.com/mongodb/js-bson) | `1.0.9` | `7.2.0` | | [tmp](https://github.com/raszi/node-tmp) | `0.0.24` | `0.2.5` | | [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` | | [got](https://github.com/sindresorhus/got) | `6.7.1` | `removed` | | [i](https://github.com/pksunkara/inflect) | `0.3.6` | `0.3.7` | | [on-headers](https://github.com/jshttp/on-headers) | `1.0.1` | `1.1.0` | | [set-value](https://github.com/jonschlinkert/set-value) | `2.0.0` | `2.0.1` | Updates `body-parser` from 1.18.3 to 1.20.4 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](expressjs/body-parser@1.18.3...1.20.4) Updates `express` from 4.16.4 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.16.4...v4.22.1) Updates `express` from 4.16.4 to 4.22.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/v4.22.1/History.md) - [Commits](expressjs/express@4.16.4...v4.22.1) Updates `marked` from 0.3.5 to 4.0.10 - [Release notes](https://github.com/markedjs/marked/releases) - [Commits](markedjs/marked@v0.3.5...v4.0.10) Updates `underscore` from 1.9.1 to 1.13.8 - [Commits](jashkenas/underscore@1.9.1...1.13.8) Updates `async` from 2.6.1 to 2.6.4 - [Release notes](https://github.com/caolan/async/releases) - [Changelog](https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md) - [Commits](caolan/async@v2.6.1...v2.6.4) Updates `grunt` from 1.0.3 to 1.6.2 - [Release notes](https://github.com/gruntjs/grunt/releases) - [Changelog](https://github.com/gruntjs/grunt/blob/main/CHANGELOG) - [Commits](gruntjs/grunt@v1.0.3...v1.6.2) Updates `ajv` from 6.10.0 to 6.15.0 - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.0...v6.15.0) Updates `brace-expansion` from 1.1.11 to 1.1.14 - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](juliangruber/brace-expansion@1.1.11...v1.1.14) Updates `bson` from 1.0.9 to 7.2.0 - [Release notes](https://github.com/mongodb/js-bson/releases) - [Changelog](https://github.com/mongodb/js-bson/blob/main/HISTORY.md) - [Commits](mongodb/js-bson@v1.0.9...v7.2.0) Updates `js-yaml` from 3.5.5 to 3.6.1 - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@3.5.5...3.6.1) Updates `tmp` from 0.0.24 to 0.2.5 - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](raszi/node-tmp@v0.0.24...v0.2.5) Updates `tough-cookie` from 2.2.2 to 2.3.1 - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v2.2.2...v2.3.1) Updates `decode-uri-component` from 0.2.0 to 0.2.2 - [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases) - [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2) Updates `getobject` from 0.1.0 to 1.0.2 - [Release notes](https://github.com/cowboy/node-getobject/releases) - [Commits](cowboy/node-getobject@v0.1.0...v1.0.2) Removes `got` Updates `i` from 0.3.6 to 0.3.7 - [Commits](pksunkara/inflect@v0.3.6...v0.3.7) Updates `on-headers` from 1.0.1 to 1.1.0 - [Release notes](https://github.com/jshttp/on-headers/releases) - [Changelog](https://github.com/jshttp/on-headers/blob/master/HISTORY.md) - [Commits](jshttp/on-headers@v1.0.1...v1.1.0) Updates `path-to-regexp` from 0.1.7 to 0.1.13 - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md) - [Commits](pillarjs/path-to-regexp@v0.1.7...v.0.1.13) Updates `send` from 0.16.2 to 0.19.2 - [Release notes](https://github.com/pillarjs/send/releases) - [Changelog](https://github.com/pillarjs/send/blob/master/HISTORY.md) - [Commits](pillarjs/send@0.16.2...0.19.2) Updates `serve-static` from 1.13.2 to 1.16.3 - [Release notes](https://github.com/expressjs/serve-static/releases) - [Changelog](https://github.com/expressjs/serve-static/blob/master/HISTORY.md) - [Commits](expressjs/serve-static@v1.13.2...v1.16.3) Updates `set-value` from 2.0.0 to 2.0.1 - [Commits](jonschlinkert/set-value@2.0.0...2.0.1) Updates `undefsafe` from 2.0.2 to 2.0.5 - [Release notes](https://github.com/remy/undefsafe/releases) - [Commits](remy/undefsafe@v2.0.2...v2.0.5) --- updated-dependencies: - dependency-name: body-parser dependency-version: 1.20.4 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: express dependency-version: 4.22.1 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: marked dependency-version: 4.0.10 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: underscore dependency-version: 1.13.8 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: async dependency-version: 2.6.4 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: grunt dependency-version: 1.6.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: ajv dependency-version: 6.15.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: brace-expansion dependency-version: 1.1.14 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: bson dependency-version: 7.2.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: js-yaml dependency-version: 3.6.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tmp dependency-version: 0.2.5 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: tough-cookie dependency-version: 2.3.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: decode-uri-component dependency-version: 0.2.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: getobject dependency-version: 1.0.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: got dependency-version: dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: i dependency-version: 0.3.7 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: on-headers dependency-version: 1.1.0 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: path-to-regexp dependency-version: 0.1.13 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: send dependency-version: 0.19.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: serve-static dependency-version: 1.16.3 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: set-value dependency-version: 2.0.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: undefsafe dependency-version: 2.0.5 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
Author
|
Superseded by #20. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the npm_and_yarn group with 14 updates in the / directory:
1.18.31.20.44.16.44.22.10.3.54.0.101.9.11.13.82.6.12.6.41.0.31.6.21.1.111.1.141.0.97.2.00.0.240.2.50.2.00.2.26.7.1removed0.3.60.3.71.0.11.1.02.0.02.0.1Updates
body-parserfrom 1.18.3 to 1.20.4Release notes
Sourced from body-parser's releases.
... (truncated)
Changelog
Sourced from body-parser's changelog.
... (truncated)
Commits
7db202c1.20.4 (#672)d8f8adbci: add CodeQL (SAST) (#670)6d133c1chore: remove SECURITY.md (#669)fcd1535deps: use tilde notation and update certain dependencies (#668)ec5fa29deps: qs@~6.14.0 (#664)ffb95c1ci: restore CI for 1.x branch (#665)48a5f07ci: add support for Node.js v23 (#553)f20f6adRemove redundant depth check (#538)17529511.20.339744cfchore: linter (#534)Maintainer changes
This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.
Updates
expressfrom 4.16.4 to 4.22.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
12fae144.22.15ddf311Revert "sec: security patch for CVE-2024-51999"49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-519996a23d34deps: use tilde notation forqs(#6919)8c12cdfdeps: qs@6.14.0 (#6909)7fea74fdeps: use tilde notation for certain dependencies (#6905)dac7a04chore: wider range for query test skip (#6513)997919bci: add node.js 24 to test matrix (#6506)36fb59cfix(ci): reordernpm isteps to fix ci for older node versions (#6336)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
expressfrom 4.16.4 to 4.22.1Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
12fae144.22.15ddf311Revert "sec: security patch for CVE-2024-51999"49744ab4.22.0 (#6921)6e97452sec: security patch for CVE-2024-519996a23d34deps: use tilde notation forqs(#6919)8c12cdfdeps: qs@6.14.0 (#6909)7fea74fdeps: use tilde notation for certain dependencies (#6905)dac7a04chore: wider range for query test skip (#6513)997919bci: add node.js 24 to test matrix (#6506)36fb59cfix(ci): reordernpm isteps to fix ci for older node versions (#6336)Maintainer changes
This version was pushed to npm by jonchurch, a new releaser for express since your current version.
Updates
markedfrom 0.3.5 to 4.0.10Commits
ae01170chore(release): 4.0.10 [skip ci]fceda57🗜️ build [skip ci]8f80657fix(security): fix redos vulnerabilitiesc4a3ccdMerge pull request from GHSA-rrrm-qjm4-v8hfd7212a6chore(deps-dev): Bump jasmine from 4.0.0 to 4.0.1 (#2352)5a84db5chore(deps-dev): Bump rollup from 2.62.0 to 2.63.0 (#2350)2bc67a5chore(deps-dev): Bump markdown-it from 12.3.0 to 12.3.2 (#2351)98996b8chore(deps-dev): Bump@babel/preset-envfrom 7.16.5 to 7.16.7 (#2353)ebc2c95chore(deps-dev): Bump highlight.js from 11.3.1 to 11.4.0 (#2354)e5171a9chore(release): 4.0.9 [skip ci]Maintainer changes
This version was pushed to npm by tonybrix, a new releaser for marked since your current version.
Updates
underscorefrom 1.9.1 to 1.13.8Commits
9374840Merge branch 'release/1.13.8'309ad7eRe-generate annotated sources and minified codemapsa1ac1d3Add links to diff and docs in 1.13.8 change log entryb579595Mention CVE-2026-27601 in comments and documentation (#3011)45ea015Revert obfuscations from 42823bb.4a4019eUpdate minified bundles1ccfdd0Add preliminary release notes for 1.13.842823bbTemporarily obfuscate commentsa6e23aeMake _.isEqual nonrecursivef2b5164Add regression test against stack overflow in _.isEqualMaintainer changes
This version was pushed to npm by jgonggrijp, a new releaser for underscore since your current version.
Updates
asyncfrom 2.6.1 to 2.6.4Changelog
Sourced from async's changelog.
Commits
c6bdacaVersion 2.6.48870da9Update built files4df6754update changelog8f7f903Fix prototype pollution vulnerability (#1828)f1d8383Version 2.6.32b674c1update changelogeab740ffix: udpate lodash. closes #1675eaf32beVersion 2.6.2684b42eUpdate built filese1bd3daupdate changelogMaintainer changes
This version was pushed to npm by hargasinski, a new releaser for async since your current version.
Updates
gruntfrom 1.0.3 to 1.6.2Release notes
Sourced from grunt's releases.
... (truncated)
Changelog
Sourced from grunt's changelog.
... (truncated)
Commits
f49016e1.6.2662e097Update minimatch to 3.1.5 to fix CVEsa29fd18CI: add Node.js 24 to version matrixf757c4fUpdate linksb5aa834Merge pull request #1792 from UlisesGascon/security-md8d2dea2docs: refresh security policyaa15bdcMerge pull request #1786 from stscoundrel/ci-node-22ee5b2a3Merge pull request #1787 from gruntjs/add-commercial-supportc0e2b42Readme updates re: supportc4f037dCI: update GH actions V3 -> V4Maintainer changes
This version was pushed to npm by krinkle, a new releaser for grunt since your current version.
Updates
ajvfrom 6.10.0 to 6.15.0Release notes
Sourced from ajv's releases.
Commits
184bc326.15.0fea46aftest/fix prototype pollution via $data ref with format keyword (#2606)e3af0a76.14.0b552ed6add regExp option to address $data exploit via a regular expression (CVE-2025...72f2286docs: update v7 info231e52bMerge pull request #1320 from philsturgeon/patch-1d3475fcAdd spectral, an AJV util from a sponsor413afe0docs: v7.0.0-beta.311e997bupdate readme for v7fe591436.12.6Updates
brace-expansionfrom 1.1.11 to 1.1.14Release notes
Sourced from brace-expansion's releases.
Commits
10c05fc1.1.141afa1b2Add opt-in { max } mitigation to v1 legacy line (#103)2fbb6a2Revert "Backport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)" (#102)0d7652eBackport fix for GHSA-7h2j-956f-4vf2 to v1 (#101)6c353ca1.1.137fd684fBackport fix for GHSA-f886-m6hf-6m8v (#95)44f33b41.1.12c460dbdpkg: publish on tag 1.xccb8ac6fmtc3c73c8Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)Updates
bsonfrom 1.0.9 to 7.2.0Release notes
Sourced from bson's releases.
... (truncated)
Changelog
Sourced from bson's changelog.
... (truncated)
Commits
0712bb1chore(main): release 7.2.0 (#866)ffa77c6fix(NODE-7414): add copy method to ByteUtils (#867)5cf00c2feat(NODE-7328): Add ignoreUndefined option to EJSON APIs (#853)51f86bcchore(main): release 7.1.1 (#862)6511e0dfix(NODE-7399): revert bson PR 859 / NODE-7334 (#861)4375ec6chore(main): release 7.1.0 (#851)89b3a2bfix(NODE-7397): Use type predicate for isUint8Array (#860)92bbc34feat(NODE-7334): remove ByteUtils and NumberUtils from theonDemandns (#859)a31c90efeat(NODE-7314): export byteUtils & add missing methods (#852)a23e788feat(NODE-7316): export number utils (#850)Maintainer changes
This version was pushed to npm by dbx-node, a new releaser for bson since your current version.
Install script changes
This version adds
preparescript that runs during installation. Review the package contents before updating.Updates
js-yamlfrom 3.5.5 to 3.6.1Changelog
Sourced from js-yaml's changelog.
Commits
c76b8373.6.1 released